Yeah, start_build.sh already jumps into derivative-maker.
cd -- "${SOURCE_DIR}"
So instead of this
"${SOURCE_DIR}/derivative-maker" "$@" | tee -a -- "${BUILD_LOG}"
We just do that instead
"$@" | tee -a -- "${BUILD_LOG}"
Then the user could pass whatever they want to run.sh, with ./derivative-maker as working directory.
Maybe some enhanced argument parsing to capture wrong format and return an info dialog.
And alias or wrapper to make the final command prettier.
Edit: Maybe even an additional option like --build-step|-b) or -dm|--derivative-maker) ? Ok lots of options, Iāll come up with something cool to make it simple and short.
When youāve manually entered the container and repeat builds, the check works, because the key has been imported and gpg exits 0.
But on full container restarts, the key needs to be imported every time,
thus gpg --quiet --list-keys -- "${FINGERPRINT}" &>/dev/null exits 1 (actually 2).
I guess key check is somewhat optional. Not useful as a security feature in that place. Either source code digital signatures have been verified prior execution of docker they havenāt.
If I wanted this functionality as a sanity test or CI test, it could be done outside of docker inside a derivative-maker build-step.
So I guess itās best to remove this from docker. Doesnāt belong there.
Actually since docker invocation can change the git tag, source code verification is probably desirable before switching the git tag.
Yes I actually agree, also because if removed then git verify-commit needs to be scrapped too, because it requires the key to be imported.
I originally liked that you requested this back in tbh.
It was just super in my face during repeated restarts.
Why would one skip the test? Itās super fast, not noticeable? So best always run it?
I think it was more about the git stage, because on every restart that part consumed a couple seconds because of git pull etc, which annoyed me.
Iām very sensitive to lag.
OK, Iāll pipe the key verification to build.log, check everything again and file a new pull.
There can be opt-in environment variables to skip all sorts of things such as git pull.
Or even git pull could be removed. Or opt-in. Dunno what is best.
This is only guided on how to archive maximum security and usefulness.
Not sure whatās best. Require git pull outside of docker (additional typing) versus docker doing git pull and an option or environment variable to skip git pull.
Iām writing the documentation right now and wanted to make a derivative-maker-docker logo. Do you have anything specific in mind? Here are some drafts:
Thatās awesome!
Hmm, failed.
Iāll take a closer look later.
gpg: can't open '/home/user/derivative-maker/packages/kicksecure/repository-dist/usr/share/keyrings/derivative.asc': No such file or directory
Sending SIGTERM to remaining processes...
Done. Iāll make changes today or tomorrow. Gonna take a look at your latest commits. Damn, I like it when you donāt have to change much after a pull. Gotta be cleaner.
You can track the progress on the doc here. (Iām writing it in a private repo, but will update the official one when new parts are done )
Yeah, maybe this should be IMAGE_ID anyway. In case the user creates multiple images. Iāll try to improve that. And yes, needed a backspace, thank you.
I donāt understand this. In any case, such functionality relying on third-party domain names is probably best avoided for security (in case shields.io gets compromised) and for privacy (avoiding links to google.com).
{
[ -z "${GIT}" ] || git pull
git checkout --recurse-submodules "${TAG}"
[ "$TAG" = "master" ] || git describe
git status
} 2>&1 | tee -a -- "${GIT_LOG}"
This syntax is problematic because error handling does not apply in subshell. Please avoid subshells whenever possible due to error handling issues. Shell functions are preferable.
Kicksecure and Whonix by extension source code and documentation follows System Security LevelAlways use software signatures verification.
Quote:
Host preparation.
Get Kicksecure source code (which includes Kicksecure build script).
Verify digital software signatures.
Run Kicksecure build script
Done, build of Kicksecure has been completed.
This is not yet implemented in this docker pull request. Documentation should recommend to verify software signatures prior execution of any build scripts.
derivative-maker-docker-start as is now supports git fetch, git checkout and execution of unverified source code.
The probably unsolvable problem is, that derivative-maker-docker-start cannot support git fetch, digital software verification at first execution, because
there is no signing key yet. (The signing key issue could maybe be simplified a bit by shipping a copy of the signing key inside derivative-maker repository.)
the script cannot verify itself. The user needs to do a manual initial digital software signatures verification first. [1]
Anything that automates git checkout should probably only be done after the first manual verification.
So maybe we can let derivative-maker-docker-start do git checkout, git verify, but only if the signing key has already been imported? And document to do the first verification manually.
[1] Unless the user can review that script to be non-malicious by scanning for Invisible Malicious Unicode Risks as well as doing a source code review.
Another way would be to make TAG an --env and no longer allow empty ā latest tag search.
If itās empty in derivative-maker-docker-run then TAG="master". But then again, this would force the user to assign --tag @ build cmd.
Sure thing. Iāll put the if back and add checkout, but why does it have to be manual? Couldnāt the verification + key grab be executed in a script that runs prior to derivative-maker-docker-start?
Basically, you just add derivative-maker-docker-key to $@ in derivative-maker-docker-run which handles pre-verification, no?